Author Topic: Account Lockout policies are not working  (Read 4050 times)

nayanivijay

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Account Lockout policies are not working
« on: March 20, 2014, 11:07:55 am »
I have a zentyal 3.3 server DC. I have created OUs and linked GPO to OU for account lockout policies.

Account Lockout Duration: 30min
Account Lockout Threshold: 5 invalid attempts
Reset Account lockout counter after: 30min

I have created a test account and logged in with an incorrect password more than 5 times to a machine. but the test account never locks and the computer never prompts me that the account has been locked out. All other policies that are set in this GPO are applying, but the Account Lockout policy does not work.
i think some hotfix might be available for this issue.
Can anyone please help with this issue?

nayanivijay

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #1 on: March 21, 2014, 06:11:37 am »
please help me this is important for me.

nayanivijay

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #2 on: March 21, 2014, 10:24:16 am »
no reply ?

vinnu5064

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #3 on: April 05, 2015, 04:57:44 pm »
hai....

i made gpo for screensaver and account lockout policy; screensaver is working fine but account lockout policy not at all working.
do you find any solution for account lockout policy


astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #4 on: April 06, 2015, 12:55:34 pm »
Did you use default group policy or create a new OU?
I've found using the default one was the only way to get the policy applied (older version of Zentyal so maybe no longer applies)
Another thing to test: Is it in computer policy or user policy and are they both being applied (check you windows event logs to verify)

vinnu5064

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #5 on: April 06, 2015, 04:21:27 pm »
thanks for the reply

tried on both, default one and as well as on new OU also

screensaver policy is working fine but not passwd policy and accnt lockout policy
« Last Edit: April 06, 2015, 04:25:23 pm by vinnu5064 »

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #6 on: April 06, 2015, 04:48:53 pm »
Check computer policy is being applied. Either it is that or something missing in your group policy setup.
Screen Saver is going to be user policy, but lockout can't be as the user isn't logged in yet so that policy won't be applied.
Check the event logs for group policy on a client that fails.

vinnu5064

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #7 on: April 06, 2015, 05:08:29 pm »
Can i have any tutorial or the way you achieved for implementing this.

vinnu5064

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #8 on: April 07, 2015, 05:12:16 am »
i did it again in fresh machines
machine1-zentyal
machine2-windows 7 ultimate 64bit with RSAT
machine3-windows 7 ultimate 64bit client

screensaver and deny removable storage access works fine, but password policy and account lockout policy not at all responding

is it possible to implement  password policy and account lockout policy in scenario

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #9 on: April 07, 2015, 05:44:13 am »
Check the event logs for group policy on a client that fails.

Panzerfather

  • Zen Apprentice
  • *
  • Posts: 9
  • Karma: +4/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #10 on: April 07, 2015, 09:40:10 am »
The answer why it isn't working is really simple: the wrong password attempts tracking and accounts locking wasn't implemented in samba until version 4.2.0. So you have to wait until Zentyal updated samba to a version 4.2 or greater.

See samba release notes for further informations:
https://www.samba.org/samba/history/samba-4.2.0.html

peptoniET

  • Zen Apprentice
  • *
  • Posts: 40
  • Karma: +4/-0
    • View Profile
Re: Account Lockout policies are not working
« Reply #11 on: March 29, 2016, 07:44:59 pm »
Zentyal 4.2.2. Samba version: 4.3.4-Zentyal
Account lockout policies still not appliying.  Rest of policies seem to apply correctly.  Have to use pdbedit to set account lockout policies.
Still not implemented...?  Anyone can confirm, please?